SDK to capture forensic image

I'm a forensic analyst looking for specific direction on using the SDK to access Flash memory and acquire a bit-for-bit image of it. I've found a number of postings on various forums that it can be done with SDK utilities, but have not seen anyone describe exactly how. No help in that I am not Java-educated.

The closest I'm coming to a possibility is to use javaloader. I know there are a few (expensive) tools that I could buy from the UK, but for reasons of both economy and insight I'd prefer a software solution.

Yes, I've searched extensively on the BB forums and it's possible I've overlooked something. Device is 8830 World Edition, provider is Verizon. I've gotten an ipd and converted using ABC successfully; and I've "cloned" the SIM (yes, in a CDMA phone) and imaged it. Assistance will be truly appreciated.

Re: SDK to capture forensic image

I don't think you need an SDK to do this. If you have tools to read an image on your computer, you can plug the BlackBerry into a computer and access it as a flash drive; thus you don't alter any data that might be there.

--- Spends time in #blackberrydev on freenode (IRC) ---
Three simple rules:
1. Please use the search bar before making new posts.
2. "Like" posts that you find helpful.
3. If a solution has been found for your post, mark it as solved.
-- I code too much. Well, too bad.

Re: SDK to capture forensic image

It's powered on and accessible; has the original SIM back in it. Risky, I know, but there was no alternative at this time. As to the previous reply received, I'm unsure how I would get a connect to the Flash specifically, although I've taken a look for that. And I use some robust forensic tools. Thanks so far...

Re: SDK to capture forensic image

I'm having the same issue w/ a Verizon 8330. The typical phone imaging tools will only allow you to image the SD card or access what's currently allocated, not all of the built-in flash memory. We have a user whose BB got reset (not wiped) and so the address book is blank, but we'd like to see if there are remnants of it somewhere in the built-in memory to carve out. Is this even feasible?

Re: SDK to capture forensic image

I would think there is a way but don't know. It might be best to send a message to RIM because they might have tools for this.

Re: SDK to capture forensic image

If we're talking about what gets exposed as mass storage memory, then on a 'nix machine, one could simply use dd off the device.

If we're talking about something more sophisticated like what is used as application memory and is normally internal to the phone, then that is naturally more difficult and I have no suggestions for that.
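The dd approach mentioned in the post above, as an added example that is not part of the original thread: it images whatever the device exposes as mass storage and checks the copy against the source by hash, and it does not reach the internal application memory. It assumes GNU coreutils (`sha256sum`) and a source attached read-only or through a write blocker; the function names `hash_of` and `acquire_image` are hypothetical.

```shell
#!/bin/sh
# Added example: dd acquisition of a mass-storage device with hash verification.
# The caller supplies the source path (a block device, or a file standing in
# for one); nothing here is BlackBerry-specific.

# hash_of FILE -> prints the SHA-256 hex digest of FILE
hash_of() {
    sha256sum "$1" | awk '{print $1}'
}

# acquire_image SRC DST
# Copies SRC to DST, records the digest in DST.sha256 and the dd record
# counts in DST.ddlog. Returns 0 only if the source hashed the same before
# and after the copy and the image matches it.
acquire_image() {
    src=$1
    dst=$2
    if [ ! -r "$src" ]; then
        echo "cannot read $src" >&2
        return 2
    fi
    if [ -e "$dst" ]; then
        echo "refusing to overwrite $dst" >&2
        return 2
    fi

    before=$(hash_of "$src") || return 2
    # noerror: keep going past unreadable sectors; sync: pad short or failed
    # reads with zeros so offsets in the image stay aligned with the source.
    dd if="$src" of="$dst" bs=512 conv=noerror,sync 2>"$dst.ddlog" || return 2
    image=$(hash_of "$dst") || return 2
    after=$(hash_of "$src") || return 2

    # Store the digest in "sha256sum -c" format next to the image.
    printf '%s  %s\n' "$image" "$(basename "$dst")" > "$dst.sha256"
    chmod a-w "$dst" "$dst.sha256"

    if [ "$before" != "$after" ]; then
        echo "source changed during acquisition" >&2
        return 1
    fi
    if [ "$before" != "$image" ]; then
        echo "image does not match source (read errors or padding?)" >&2
        return 1
    fi
    return 0
}
```

A mismatch does not always mean a bad copy: with `conv=noerror,sync`, unreadable sectors are zero-filled, so compare the record counts in the `.ddlog` file before discarding the image.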

Re: SDK to capture forensic image

They have the mass storage, that's easy and can be done on almost any OS. They are looking for access to internal memory (like for where the contacts are stored).

Re: SDK to capture forensic image

I suspect what this person would actually like to do is take a memory dump that can be restored to the device (or perhaps any device) and will recreate the device as it was.

I am not aware of any way to even come close to that. RIM are the only people likely to be able to do this. As is typical of a Java environment, APIs are sandboxed from a lot of the detailed OS stuff like this.

Re: SDK to capture forensic image

Does anyone know who to contact at RIM to figure this out? The forensics community would greatly benefit from being able to easily dump the internal memory of a BB, and it doesn't matter if it's as one big chunk.